SSL Randomly Getting Changed from Strict to Flexible

Is anyone else seeing SSL getting randomly switched from Strict to Flexible, thereby causing the “Too many redirects” error? We started seeing this across our customer base a few weeks ago with a very small percentage of domains. It’s been happening across multiple different CF accounts that are all, to the best of my knowledge, tightly controlled. A few domains have been toggled more than once, but that is the only change we have noticed. Since Flexible is the default setting, I am guessing that they are somehow getting reset, but I have no idea what could be causing it other than a system glitch. Some of the accounts use the Cloudflare API and some don’t.

Have you checked the audit log to see what made the change?
https://dash.cloudflare.com/?to=/:account/audit-log

2 Likes

Does that include changes via API?

Did not know this was logged … thank you! It looks like when an SSL renewal challenge fails for a primary domain from an old SSL provider (i.e. Google in the most recent case) CF is changing SSL from strict to flexible. Is this normal? I don’t remember it happening until recently, but maybe it is CF trying to allow the cert to renew on the next attempt?

Yes it does

I would be surprised as Cloudflare doesn’t unilaterally change settings and there’s no need to change the origin SSL/TLS settings for an edge certificate anyway. It would also break sites like mine that only use HTTPS to the origins as well.

Someone else may have an idea what’s happening here. Maybe a screenshot of the audit log with the change in might help.

Can you share the name of one or two of those domains?

And, +1 to this

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.